RA World ransomware gang lists a New Zealand company as a victim and claims to have stolen 250 gigabytes of internal and customer data.
The RA World ransomware gang has listed Auckland-based telecommunications company Compass Communications as a victim on its darknet leak site, claiming to have stolen 250 gigabytes in the attack.
Compass Communications was listed overnight. According to the leak post, the stolen data includes financial data, customer information, human resources data, and details of the company’s ongoing projects.
No ransom amount has been listed; however, the ransom deadline is listed as 1 January 2025.
RA World also posted a 26.9-megabyte archive of sample data as evidence of the hack. This includes service agreements, financial statements and customer banking details.
Compass Communications has confirmed the incident to Cyber Daily.
“Last week, our security monitoring detected unauthorised access to our system,” a Compass spokesperson told Cyber Daily.
“We took immediate action, engaging external security specialists and notifying relevant government authorities, including the Privacy Commissioner.
“Our response is ongoing, and we are working hard to understand the full extent of the incident. Our initial investigation indicates that some customer information may have been accessed. Where we identify that customer information has been impacted, we will contact those customers directly to address any potential risks and provide appropriate support.
“Given that malicious cyber actors can monitor media and online commentary to further their activities, we will not be commenting further on the nature of the incident or the organisations assisting us at this time.
“We remain committed to transparency and the security of our customers’ data as we continue our investigation.”
RA World, which previously operated under the name RA Group, has been in operation since at least April 2023, initially targeting organisations in the United States and South Korea.
According to security researchers at Cisco’s Talos group, RA World uses a customised version of the Babuk ransomware, which encrypts a victim’s data while leaving enough functionality on the device for the victim to download and use the qTox messaging app to contact the threat actor.
RA World gains its initial access via misconfigured, internet-facing devices, and once inside a system, the group attempts to steal further credentials and move laterally across the network.
Researchers at Palo Alto Networks’ Unit 42 have identified a possible connection between RA World and a Chinese threat actor known as Bronze Starlight, which was first observed in the middle of 2021.
Compass Communications offers broadband and mobile services to businesses and individuals and employs more than 100 people.
“We are a 100 per cent Kiwi-owned, independent internet and telecommunications service provider, started in 1995,” the company says on its website. “That makes our brand one of the longest-tenured players in today’s telco market.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.